Implementing online credit card processing system

2012-01-29 @ admin

The Internet presents a tremendous opportunity for new and existing businesses, but selling goods and services online brings its own challenges, such as how to set up and maintain a secure, reliable, and cost-effective system for payment processing and transaction management. Phillips discusses the incentives and barriers government organizations face when implementing electronic payment systems. The strongest incentive is found to be reduced cost, and the strongest barrier is the lack of integration capability. In recent years, there have been some discussions of the characteristics of various payment systems as well as the critical issues in implementing them. For example, Lee et al. discuss technological, economic, social, and regulatory aspects of electronic payment systems. Abrazhevich provides a similar discussion of the classification and characteristics of electronic payment systems. Hsieh briefly discusses several requirements of electronic payment systems, such as accessibility, expense, security, and technology. These discussions cover all available types of payment tools, and they are mostly directed toward consumers. Several issues need to be resolved before integrating a third-party payment solution into a merchant system. The most important are security, cost, and complexity.

1. Security

The security of a financial transaction is of utmost concern when many parties are involved, especially over the Internet. Consumers must be able to send their financial information to an online merchant without fear of eavesdropping. They should also be confident in the identity of the merchant: that the cyber-merchant is reliable and is not using a fake identity. The merchant should also be able to send financial information securely to the payment gateway. The technology that addresses these issues is the Secure Sockets Layer (SSL) protocol, which uses public- and private-key encryption to protect communication between a browser and a Web server and to authenticate the Web server. If the merchant plans to do international business, then the SSL encryption key should be 40-bit instead of the 128-bit standard for the United States. In order to use SSL, a merchant needs to apply to a Certification Authority (CA) such as VeriSign for a digital certificate, obtain the certificate, and bind it to the IP address of the merchant Web server. The merchant also needs to configure the Web server to accept SSL connections and develop the payment-related Web pages so that they use HTTPS, the secure version of the Hypertext Transfer Protocol.
Preventing fraud, such as unauthorized credit card purchases, is another important issue for a merchant, because the law limits a consumer's liability to $50 if someone uses his or her credit card fraudulently. The merchant, not the customer or the credit card issuer, is liable for bad transactions. Thus it is important to use an address verification service (AVS), which verifies key components of a customer's shipping addresses against addresses that the credit card issuer has on record for the customer. Research shows that about 65% of the time, criminals using fraudulent credit card account numbers do not know the account's related billing address. Various other security measures should be implemented for online purchases, such as limiting how many times a customer can enter wrong credit card information before the card is rejected. In addition, an upper purchase limit for a single transaction and a limit on the number of transactions per day by the same credit card number should be enforced.
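The controls listed above (a cap on wrong card entries, a per-transaction limit, a per-day limit per card number, and the AVS result) can be combined into one merchant-side screen. This is an added example, not code from the original article; the class name, the limit values, and the boolean `approved` and `avs_matched` inputs (taken to come from the payment gateway's response) are assumptions.

```python
import hashlib
import hmac
from collections import defaultdict
from datetime import date

# Assumed policy values: the article names these controls but gives no numbers.
MAX_FAILED_ATTEMPTS = 3     # wrong card entries tolerated per card
MAX_ORDER_CENTS = 50_000    # upper limit for a single transaction
MAX_ORDERS_PER_DAY = 5      # approved transactions per card per day

class FraudScreen:
    """Hypothetical merchant-side screen wrapped around the gateway call."""

    def __init__(self, secret_key: bytes):
        self._key = secret_key
        self._failures = defaultdict(int)  # card token -> failed attempts
        self._orders = defaultdict(int)    # (card token, day) -> approved orders

    def _token(self, card_number: str) -> str:
        # Counters are keyed by an HMAC so they never hold the raw card number.
        digits = card_number.replace(" ", "").replace("-", "")
        return hmac.new(self._key, digits.encode(), hashlib.sha256).hexdigest()

    def check(self, card_number: str, amount_cents: int, day: date) -> str:
        """Return "ok", or the reason to refuse before contacting the gateway."""
        token = self._token(card_number)
        if self._failures[token] >= MAX_FAILED_ATTEMPTS:
            return "too many failed attempts"
        if amount_cents > MAX_ORDER_CENTS:
            return "amount over single-transaction limit"
        if self._orders[(token, day)] >= MAX_ORDERS_PER_DAY:
            return "daily transaction limit reached"
        return "ok"

    def record(self, card_number: str, day: date, approved: bool, avs_matched: bool) -> bool:
        """Store the gateway result; a decline or AVS mismatch counts as a failure."""
        token = self._token(card_number)
        if approved and avs_matched:
            self._orders[(token, day)] += 1
            self._failures[token] = 0
            return True
        self._failures[token] += 1
        return False

def demo() -> str:
    # Constructed sample: a widely published test card number, three AVS mismatches.
    screen, day = FraudScreen(b"constructed-demo-key"), date(2012, 1, 29)
    for _ in range(MAX_FAILED_ATTEMPTS):
        screen.record("4111 1111 1111 1111", day, approved=True, avs_matched=False)
    return screen.check("4111111111111111", 2_500, day)
```

In a deployed system the counters would live in a shared store with an expiry, so that a blocked card is not locked out permanently and every Web server sees the same counts.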

According to a very recent report, about 8 million MasterCard, Visa, and American Express credit card account numbers have been compromised at a third-party payment processor. Thus the merchant needs to safeguard the private key used for SSL encryption as well as consumers' private information, such as credit card numbers and personal data stored in the merchant database. The private key and the credit card numbers should be stored in encrypted form, and access to this information should be highly restricted. All sensitive data should be kept behind a firewall and may be held in a different database than the one used for the product catalog. Implementing these security protocols and safeguarding data requires technical expertise as well as money, both of which might be limited for a small merchant.

2. Cost

There are several costs associated with the development and operation of a payment mechanism, and they are all borne by the merchant. Irrespective of the type of payment mechanism implemented, there is always a cost associated either with developing the payment-related Web pages or with integrating the payment software with the catalog pages. This requires in-house technical expertise or consulting services from a payment provider, where the latter might cost a merchant about $200/hour. For merchant-oriented applications, there is also a cost associated with the purchase or lease of the software, and often there are monthly or yearly fees associated with the software license and future upgrades. For payment gateway-oriented applications, there is commonly an application fee, a monthly gateway access fee, and statement fees.
There is always an operational cost associated with credit card processing, whether it is performed online or offline. It arises mainly from the charges that the banks and the credit card network levy to process a transaction. Generally, there is a fixed charge for each transaction and a discount rate charged as a percentage of each order amount. The charges for Internet transactions are often the same as those for mail or telephone order transactions, and all of these cost significantly more than offline transactions. For example, the discount rate and transaction fee for an Internet transaction are 2.39% and $0.30 respectively, while those for the standard swipe retail transaction are 1.69% and $0.20. The costs are even higher for international transactions, at about 3.25% and $0.30, respectively.

The above charges do not vary significantly from one payment provider to another. However, there might be additional charges from a payment gateway if it is not acting as an acquirer. Some payment gateways charge by the volume of transactions, while others provide free transactions up to a certain number. For merchant-oriented applications, there might be a batch transaction fee, which can run about 10 to 40 cents per batch. There is also a cost for a chargeback, which is a reversal of a sale that was an error, a misunderstanding by the customer, or fraud. It can cost about $10 to $25 per chargeback. For all card-not-present situations such as the Internet, there might be an authorization/verification or AVS (Address Verification System) charge, which might cost about 5 to 10 cents per transaction.

3. Complexity

The explosive growth of payment gateways gives an online merchant a greater variety of real-time credit card processing options than can be found for a physical store. For example, all large companies, such as Authorize.Net, CyberSource, iTransact, LinkPoint, PaymentOnline, and VeriSign, offer at least three different types of such solutions. In a physical store, a payment system is integrated with an existing point-of-sale system through a standard hardware/software interface. In online business, however, the integration is done in software, and there is no standard shared by the various payment gateways. All online payment applications require a certain level of coding, and merchant-oriented applications use various technologies such as HTML, ActiveX, ASP, JSP, XML, ODBC, JDBC, or JavaBeans to integrate payment gateways with the e-commerce servers. A merchant must have the technical capabilities or means to implement these technologies. Some payment systems are also platform dependent. Thus, integrating a payment system with an existing e-commerce system might be an overwhelming effort, unless a particular payment system is considered during the design phase of the e-commerce system. Furthermore, all payment systems require testing the whole payment cycle, including authorization, settlement, and refund, using a valid credit card number.

Another complexity might be due to the level and type of service provided by the payment gateway provider, especially in the case of one-click approach where all transaction data resides with the provider. The merchant is limited by the way the company provides access to the database server, type of search for a particular transaction, refund procedure, audit trails, and statements.

I have provided an overview of the credit card processing mechanism and some insight into real-time online credit card processing systems. Critical factors such as cost, complexity, and security associated with the implementation and maintenance of such systems are also discussed. No matter what payment processing mechanism is considered, an online merchant must realize that real-time payment processing can be highly complex, and there is no one-size-fits-all solution for all merchants. Whatever payment software is chosen, it needs to be integrated with the e-commerce system, unless one can purchase an integrated e-commerce and payment system. Furthermore, choosing the right payment gateway provider can relieve much of the headache of handling payments and interacting with the other parties in e-business processes. A payment gateway must support all aspects of payment processing: authorization, capture of funds, refunds, and reports. Products offered by selected vendors should be compared on factors such as complexity of the system and software, implementation time and cost, software cost and maintenance fees, transaction costs, and security features for consumers and merchants.
